Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2631 | 1 Tinywebgallery | 1 Tinywebgallery | 2020-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. | |||||
| CVE-2017-16635 | 1 Tinywebgallery | 1 Tinywebgallery | 2017-11-29 | 3.5 LOW | 5.4 MEDIUM |
| In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create. | |||||